wordpress wordpress 2.1 vulnerabilities and exploits
NA
CVE-2023-4276
The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on the 'abpr_profileShortcode' function. This makes it possible for unauthenticated malicious users to ch...
Johnkolbert Absolute Privacy
NA
CVE-2023-1893
The Login Configurator WordPress plugin up to and including 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators.
Login Configurator Project Login Configurator
NA
CVE-2023-0761
The Clock In Portal- Staff & Attendance Management WordPress plugin up to and including 2.1 does not have a CSRF check when deleting Staff members, which could allow malicious users to make logged-in admins delete arbitrary Staff via a CSRF attack.
Infigosoftware Clock In Portal- Staff & Attendance Management
NA
CVE-2023-0762
The Clock In Portal- Staff & Attendance Management WordPress plugin up to and including 2.1 does not have a CSRF check when deleting designations, which could allow malicious users to make logged-in admins delete arbitrary designations via a CSRF attack.
Infigosoftware Clock In Portal- Staff & Attendance Management
NA
CVE-2023-0763
The Clock In Portal- Staff & Attendance Management WordPress plugin up to and including 2.1 does not have a CSRF check when deleting Holidays, which could allow malicious users to make logged-in admins delete arbitrary holidays via a CSRF attack.
Infigosoftware Clock In Portal- Staff & Attendance Management
NA
CVE-2013-10026
A vulnerability, which was classified as problematic, has been found in Mail Subscribe List Plugin up to 2.0.10 on WordPress. This issue affects some unknown processing of the file index.php. The manipulation of the argument sml_name/sml_email leads to cross site scripting. The a...
Webfwd Mail Subscribe List
NA
CVE-2022-0316
The WeStand WordPress theme prior to 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPr...
Chimpgroup Westand
Chimpgroup Bolster -
Soundblast Project Soundblast -
Spikes-black Project Spikes-black -
Chimpgroup Spikes -
Pixfill Kings Club -
Club-theme Project Club-theme -
Statfort Project Statfort -
Aidreform Project Aidreform -
Footysquare Project Footysquare -
1 Github repository
NA
CVE-2022-4110
The Eventify™ WordPress plugin up to and including 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example ...
Eventify Project Eventify
3.5
CVSSv2
CVE-2022-1763
Due to missing checks the Static Page eXtended WordPress plugin up to and including 2.1 is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the la...
Static Page Extended Project Static Page Extended
4.3
CVSSv2
CVE-2022-1695
The WP Simple Adsense Insertion WordPress plugin prior to 2.1 does not perform CSRF checks on updates to its admin page, allowing a malicious user to trick a logged-in user into manipulating ads and injecting arbitrary JavaScript via submitting a form.
Tipsandtricks-hq Wp Simple Adsense Insertion